Subject: Re: [PATCH v2 04/11] OvmfPkg: add library class BlobVerifierLib with null implementation
From: "Dov Murik"
To: Tom Lendacky , devel@edk2.groups.io
Cc: Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , Jim Cadden , James Bottomley , Hubertus Franke , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Ashish Kalra , Brijesh Singh , Erdem Aktas , Jiewen Yao , Min Xu , Dov Murik
Date: Mon, 19 Jul 2021 22:23:39 +0300
Message-ID: <4696ade5-de8a-7459-54fb-805ab94f8681@linux.ibm.com>
In-Reply-To: <8f07b11e-90cd-1ecf-c512-5b17bf616a65@amd.com>
References: <20210706085501.1260662-1-dovmurik@linux.ibm.com> <20210706085501.1260662-5-dovmurik@linux.ibm.com> <8f07b11e-90cd-1ecf-c512-5b17bf616a65@amd.com>

On 19/07/2021 18:50, Tom Lendacky wrote: > On 7/6/21 3:54 AM, Dov Murik wrote: >> BlobVerifierLib will be used to verify blobs fetching them from QEMU's >> firmware config (fw_cfg) in platforms that enable such verification. >> >> The null implementation NullBlobVerifierLib treats all blobs as valid. >> >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Cc: Jordan Justen >> Cc: Ashish Kalra >> Cc: Brijesh Singh >> Cc: Erdem Aktas >> Cc: James Bottomley >> Cc: Jiewen Yao >> Cc: Min Xu >> Cc: Tom Lendacky >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 >> Signed-off-by: Dov Murik >> --- >> OvmfPkg/OvmfPkg.dec | 3 ++ >> OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf | 27 ++++++++++++++ >> OvmfPkg/Include/Library/BlobVerifierLib.h | 38 ++++++++++++++++++++ >> OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c | 34 ++++++++++++++++++ >> 4 files changed, 102 insertions(+)
>> >> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec >> index 6ae733f6e39f..f82228d69cc2 100644 >> --- a/OvmfPkg/OvmfPkg.dec >> +++ b/OvmfPkg/OvmfPkg.dec >> @@ -23,6 +23,9 @@ [LibraryClasses] >> ## @libraryclass Access bhyve's firmware control interface. >> BhyveFwCtlLib|Include/Library/BhyveFwCtlLib.h >> >> + ## @libraryclass Verify blobs read from the VMM >> + BlobVerifierLib|Include/Library/BlobVerifierLib.h >> + >> ## @libraryclass Loads and boots a Linux kernel image >> # >> LoadLinuxLib|Include/Library/LoadLinuxLib.h >> diff --git a/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf >> new file mode 100644 >> index 000000000000..c8942ad05d96 >> --- /dev/null >> +++ b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf >> @@ -0,0 +1,27 @@ >> +## @file >> +# >> +# Null implementation of the blob verifier library. >> +# >> +# Copyright (C) 2021, IBM Corp >> +# >> +# SPDX-License-Identifier: BSD-2-Clause-Patent >> +# >> +## >> + >> +[Defines] >> + INF_VERSION = 0x00010005 > > You can specify the INF_VERSION using x.y format now, and I believe the > latest is 1.29. Thanks, I'll change that. > >> + BASE_NAME = NullBlobVerifierLib > > Typically, the NULL libraries would be named BlobVerifierLibNull. You're right; I'll rename. > >> + FILE_GUID = b1b5533e-e01a-43bb-9e54-414f00ca036e >> + MODULE_TYPE = BASE >> + VERSION_STRING = 1.0 >> + LIBRARY_CLASS = BlobVerifierLib >> + >> +[Sources] >> + NullBlobVerifier.c >> + >> +[Packages] >> + MdePkg/MdePkg.dec >> + OvmfPkg/OvmfPkg.dec >> + >> +[LibraryClasses] >> + DebugLib > > Is this library (and associated include below) needed? Probably not; I'll remove. > >> diff --git a/OvmfPkg/Include/Library/BlobVerifierLib.h b/OvmfPkg/Include/Library/BlobVerifierLib.h >> new file mode 100644 >> index 000000000000..667024766681 >> --- /dev/null >> +++ b/OvmfPkg/Include/Library/BlobVerifierLib.h 
>> @@ -0,0 +1,38 @@ >> +/** @file >> + >> + Blob verification library >> + >> + This library class allows verifiying whether blobs from external sources >> + (such as QEMU's firmware config) are trusted. >> + >> + Copyright (C) 2021, IBM Corporation >> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> +**/ >> + >> +#ifndef BLOB_VERIFIER_LIB_H__ >> +#define BLOB_VERIFIER_LIB_H__ >> + >> +#include >> +#include >> + >> +/** >> + Verify blob from an external source. >> + >> + @param BlobName The name of the blob > > I believe this is supposed to be @param[in] > OK. >> + @param Buf The data of the blob >> + @param BufSize The size of the blob in bytes >> + >> + @retval EFI_SUCCESS The blob was verified successfully. >> + @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore >> + should be considered non-secure. >> +**/ >> +EFI_STATUS >> +EFIAPI >> +VerifyBlob ( >> + IN CONST CHAR16 *BlobName, >> + IN CONST VOID *Buf, >> + UINT32 BufSize > > Missing "IN" here (same below for these). > You're right. I'll add it. Thanks, -Dov > Thanks, > Tom > >> + ); >> + >> +#endif >> diff --git a/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c >> new file mode 100644 >> index 000000000000..7b31b6ec767d >> --- /dev/null >> +++ b/OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c 
>> @@ -0,0 +1,34 @@ >> +/** @file >> + >> + Null implementation of the blob verifier library. >> + >> + Copyright (C) 2021, IBM Corporation >> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> +**/ >> + >> +#include >> +#include >> +#include >> + >> +/** >> + Verify blob from an external source. >> + >> + @param BlobName The name of the blob >> + @param Buf The data of the blob >> + @param BufSize The size of the blob in bytes >> + >> + @retval EFI_SUCCESS The blob was verified successfully. >> + @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore >> + should be considered non-secure. >> +**/ >> +EFI_STATUS >> +EFIAPI >> +VerifyBlob ( >> + IN CONST CHAR16 *BlobName, >> + IN CONST VOID *Buf, >> + UINT32 BufSize >> + ) >> +{ >> + return EFI_SUCCESS; >> +} >>
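Review bot: the copyright line in the NullBlobVerifierLib.inf hunk reads "Copyright (C) 2021, IBM Corp" while the BlobVerifierLib.h and NullBlobVerifier.c hunks in the same patch use "Copyright (C) 2021, IBM Corporation"; pick one form for all three new files.

Review bot: typo in the BlobVerifierLib.h hunk's file comment, "allows verifiying whether blobs" should read "allows verifying whether blobs". In the same hunk, the "@retval EFI_ACCESS_DENIED" text only says the blob "should be considered non-secure", which leaves the consequence to each caller; stating in the doc block that a caller must not use the blob unless VerifyBlob returns EFI_SUCCESS would make the contract the verifying instances rely on unambiguous.

Review bot: the function doc block in the NullBlobVerifier.c hunk is copied from the library class header and still describes the function as verifying the blob, while the body returns EFI_SUCCESS unconditionally without looking at BlobName, Buf or BufSize; the instance's comment should say that this null implementation performs no verification and accepts every blob, so a platform maintainer reading the .c file does not mistake it for a real verifier. The missing "IN" on BufSize that Tom raised for the header applies to this prototype as well, so the two declarations stay identical.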